Log in to the controller CLI using SSH. Read-only access is enough; there is no need to be admin.
First we need to find the MAC address for the IP:
(PYONGYANG-WLC-1) #show arp | include 10.42.235.4
Protocol Address Hardware Address Interface
Internet 10.42.235.4 A4:6F:D9:E8:FF:15 vlan2504
Now that we know the MAC, let's find the tunnel it's bridged over.
(PYONGYANG-WLC-1) #show datapath bridge | include A4:6F:D9:E8:FF:15
Datapath Bridge Table Entries
-----------------------------
Flags: P - Permanent, D - Deny, R - Roamed Client, M - Mobile, X - Xsec, A - Auth, T - Trusted
MAC VLAN Assigned VLAN Destination Flags Age
----------------- ---- ------------- ----------- ------- ----
A4:6F:D9:E8:FF:15 2504 2504 tunnel 196 0
If you're interested, you can use the same command to check for any other clients connected to the same AP.
(PYONGYANG-WLC-1) #show datapath bridge | include "tunnel 196"
A4:6F:D9:E8:FF:15 2504 2504 tunnel 196 0
A4:6F:E5:15:37:08 2504 2504 tunnel 196 0
A4:6F:72:53:47:3E 2504 2504 tunnel 196 0
Now that we know the tunnel ID, we can use it to look up the temporary AP IP.
(PYONGYANG-WLC-1) #show datapath tunnel | include 196
Datapath Tunnel Table Entries
-----------------------------
Flags: E - Ether encap, I - Wi-Fi encap, R - Wired tunnel, F - IP fragment OK
W - WEP, K - TKIP, A - AESCCM, G - AESGCM, M - no mcast src filtering
S - Single encrypt, U - Untagged, X - Tunneled node, 1(cert-id) - 802.1X Term-PEAP
2(cert-id) - 802.1X Term-TLS, T - Trusted, L - No looping, d - Drop Bcast/Unknown Mcast,
D - Decrypt tunnel, a - Reduce ARP packets in the air, e - EAPOL only
C - Prohibit new calls, P - Permanent, m - Convert multicast
n - Convert RAs to unicast(VLAN Pooling/L3 Mobility enabled), s - Split tunnel
V - enforce user vlan(open clients only)
H - Standby (HA-Lite), c - IP Compression, g - PAN GlobalProtect Tunnel
# Source Destination Prt Type MTU VLAN Acls BSSID Decaps Encaps Heartbeats Cpu QSz Flags EncapKBytes DecapKBytes
------ -------------- -------------- --- ---- ---- ---- ----------------------- ----------------- ---------- ---------- ---------- --- --- ----- ------------- -----------
196 192.168.8.36 172.17.0.81 47 8110 1200 2504 0 0 2 0 0 00:1A:1E:01:45:13 2019039 1972939 0 13 0 TEPR
Almost there. Now just check which AP has that IP.
(PYONGYANG-WLC-1) #show ap database | include 172.17.0.81
Flags: U = Unprovisioned; N = Duplicate name; G = No such group; L = Unlicensed
I = Inactive; D = Dirty or no config; E = Regulatory Domain Mismatch
X = Maintenance Mode; P = PPPoE AP; B = Built-in AP; s = LACP striping
R = Remote AP; R- = Remote AP requires Auth; C = Cellular RAP;
c = CERT-based RAP; 1 = 802.1x authenticated AP; 2 = Using IKE version 2
u = Custom-Cert RAP; S = Standby-mode AP; J = USB cert at AP
i = Indoor; o = Outdoor
M = Mesh node; Y = Mesh Recovery
AP Database
-----------
Name Group AP Type IP Address Status Flags Switch IP Standby IP
---- ----- ------- ---------- ------ ----- --------- ----------
PYONGYANG-RAP25 RAP-PYONGYANG RAP-3WN 172.17.0.81 Up 11d:5h:15m:38s Rc2 192.168.8.36 0.0.0.0
That's it. The problem client is connected to RAP25.
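The same lookup chain as an added Python example (not part of the original post) that works offline on pasted command output. The sample text is constructed from the lines shown above plus decoy rows (tunnel 1196, AP 172.17.0.8), because `| include` matches anywhere in a line; the helper names are hypothetical, and AP and group names are assumed to contain no spaces.

```python
# Added example: offline re-implementation of the lookup chain above.
# Sample outputs are constructed from the lines shown in this post, plus decoy
# rows (tunnel 1196, AP 172.17.0.8) that a plain substring filter would also hit.
ARP = "Internet 10.42.235.4 A4:6F:D9:E8:FF:15 vlan2504"
BRIDGE = """\
A4:6F:D9:E8:FF:15 2504 2504 tunnel 196 0
A4:6F:E5:15:37:08 2504 2504 tunnel 196 0
A4:6F:00:00:00:01 2504 2504 tunnel 1196 0
A4:6F:72:53:47:3E 2504 2504 tunnel 196 0"""
TUNNEL = """\
1196 192.168.8.36 172.17.0.8 47 8110 1200 2504 0 0 2 0 0 00:1A:1E:00:00:01 10 10 0 13 0 TEPR
196 192.168.8.36 172.17.0.81 47 8110 1200 2504 0 0 2 0 0 00:1A:1E:01:45:13 2019039 1972939 0 13 0 TEPR"""
APDB = """\
PYONGYANG-RAP08 RAP-PYONGYANG RAP-3WN 172.17.0.8 Up 2d:1h:0m:0s Rc2 192.168.8.36 0.0.0.0
PYONGYANG-RAP25 RAP-PYONGYANG RAP-3WN 172.17.0.81 Up 11d:5h:15m:38s Rc2 192.168.8.36 0.0.0.0"""


def rows(text):
    """Split pasted CLI output into whitespace-separated fields per line."""
    return [line.split() for line in text.splitlines() if line.strip()]


def trace_client(ip, arp, bridge, tunnel, apdb):
    """Follow IP -> MAC -> tunnel ID -> AP IP -> AP name using exact field matches."""
    mac = next(r[2] for r in rows(arp) if len(r) >= 4 and r[1] == ip)
    # Bridge rows: MAC VLAN AssignedVLAN "tunnel" <id> ...
    by_mac = {r[0].upper(): r[4] for r in rows(bridge)
              if len(r) >= 5 and r[3] == "tunnel"}
    tid = by_mac[mac.upper()]
    # Other clients bridged over the same tunnel, i.e. on the same AP.
    neighbours = sorted(m for m, t in by_mac.items()
                        if t == tid and m != mac.upper())
    # Tunnel rows: <id> Source Destination ...; the AP IP is the Destination.
    ap_ip = next(r[2] for r in rows(tunnel) if len(r) >= 3 and r[0] == tid)
    # AP database rows: Name Group APType IPAddress ...
    ap_name = next(r[0] for r in rows(apdb) if len(r) >= 4 and r[3] == ap_ip)
    return {"mac": mac, "tunnel": tid, "ap_ip": ap_ip, "ap_name": ap_name,
            "same_ap_clients": neighbours}


if __name__ == "__main__":
    print(trace_client("10.42.235.4", ARP, BRIDGE, TUNNEL, APDB))
```

Comparing whole fields instead of substrings keeps tunnel 196 from matching 1196 and 172.17.0.8 from matching 172.17.0.81.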